Feds charge confessed Anon member after tracking his digital footprints

A Texas-based Linux admin was charged with hacking into the websites of at least 4 police groups after FBI agents engaged him in an online manhunt that mined photo metadata, Facebook profiles, and other digital evidence. He says he's surrendered all accounts in his control, but his status as a cooperating witness is anything but clear.

Why you always turn off photo meta data folks, like the GPS data of where you took the photo is relevant, if you want to tell people that then say "taken in so and so" in the description. It also contained the time and date, so it can be known you were at this location at this or that time and all broadcasted on the internet for eternity.

So he turns over evidence and then publicly admits to lying to the feds, thus nullifying any benefits of cooperation (even if there's some false information, I'm sure they can sort that out; the feds have been sorting through anon's false flags for a while now). Something tells me this guy isn't very bright.

If the state and or federal authorities wish to claim that they are above everyone else, make the rules for everyone else, why should they not be held to a commensurate standard of accountability? Where is the public outcry to have these organizations prosecuted for allowing their resources to be hacked by mere private sector drones?

Hmmmm, all sounds a bit too easy doesn't it say what? Your good enough to hack the police but too stupid to scrub a photo, ~yeh~ ok, lol,,,, sure. What branch of anonymous did he admit to being a part of.~[ha,ha]

The GPS data in the image showed it was taken with an iPhone 4 at a location in South VIC, Australia. By searching Facebook, agents soon learned that a girlfriend of Ochoa's had graduated from a high school about 700 miles away.

How does this work? How did they use the metadata to find a specific picture on Facebook? Can this be done through search engines, or does Facebook have an internal interface that lets one search by metadata that the FBI have access too? As far as I'm aware, there's no such user-facing interface on FB.

Eh... It has its positive sides. Effort is wasted on catching those that are willing to "sign" their work to get some kind of recognition. Methods learned by the apprehending party will quickly become outdated.

What's up with people not covering their tracks properly nowadays? I bet that photo was taken with a cellphone too.

What these people don't understand is that it takes A SHIT TON of discipline to create a separate identity and ensure that it has ZERO traceability to their real identity. Eventually, a large majority of these people will be caught. I actually had a pretty in depth conversation with one of my co-workers who was a forensics investigator for several years about this very topic. Eventually, the hacker will slip up, it literally, only takes ONE time to not connect to Tor or mention personal information and you're done.

"...(It would seem to me neither the DPS administrator nor the FBI fully understand the 'complexity' of SQL injections.)"

What a moron Ochoa is. He's too stupid to understand that he was being interrogated as a suspect in a crime, here is is complaining about them not understanding the " 'complexity' of SQL injections.)". Obviously there is one word this guy doesn't fully understand himself - Lawyer.

I loved interrogating people like this, they make life easy for investigators.

So a GPS position *700 miles* away from somewhere his girlfriend was several years ago is tangible evidence?!

I didn't understand that, either.

By confirming that his girlfriend is indeed the person seen in pictures he left on the various websites were targeted, it's just another piece of evidence linking Ochoa to the w0rmer psuedonym.

Of course, this is on top of the screenshot he posted on twitter with both his w0rmer and higochoa accounts logged into Skype and an IRC client, and the posting he made on gmane.org with both his real and online names.

The GPS data in the image showed it was taken with an iPhone 4 at a location in South VIC, Australia. By searching Facebook, agents soon learned that a girlfriend of Ochoa's had graduated from a high school about 700 miles away.

How does this work? How did they use the metadata to find a specific picture on Facebook? Can this be done through search engines, or does Facebook have an internal interface that lets one search by metadata that the FBI have access too? As far as I'm aware, there's no such user-facing interface on FB.

I'm assuming it went a little like this: the image was posted on the sites he hacked, that photo had the metadata embedded into it showing that it was taken at South VIC, Australia. The FBI then searched for Ochoa's friends on FB and found one that was his girlfriend who lived 700 miles from where the photo was taken.

What a moron, using someones internet in his own building, linking his online handle with his hacking activities and his real name.... most hackers arent nearly as good as they think they are...the only lulz ill get out of this whole thing is how many crappy idiots who call themselves hackers yet cant remember to not leave any clues on where they are at or use their neighbors unsecured wireless get busted out of all this. Sure much of the internet security is a joke but make money fixing the problem not doing stupid crap and going to jail.

After some of the attacks were announced by a Twitter user called @Anonw0rmer, agents searched the Internet for users using the handle w0rmer. They quickly stumbled on this post, which was signed "Higino Ochoa AkA w0rmer" [sic]. The attack on the Texas Department of Public Safety, which this post attributed to w0rmer and CabinCr3w, used an IP address belonging to someone who resided in the same apartment building Ochoa lived in.

After some of the attacks were announced by a Twitter user called @Anonw0rmer, agents searched the Internet for users using the handle w0rmer. They quickly stumbled on this post, which was signed "Higino Ochoa AkA w0rmer" [sic]. The attack on the Texas Department of Public Safety, which this post attributed to w0rmer and CabinCr3w, used an IP address belonging to someone who resided in the same apartment building Ochoa lived in.

Considering that he got caught, I would have to agree! The problem with these hackers is that in their quest to 'fight the powers that be' and to 'right perceived wrongs', they also feel the need to brag about it. That of course is their biggest mistake. If they would just shut up, do what they want to do, they would probably do a lot more damage and get away with it.

But, by craving attention and recognition for what they've done, they leave clues, and after that it's just a matter of playing connect-the-dots.

If the state and or federal authorities wish to claim that they are above everyone else, make the rules for everyone else, why should they not be held to a commensurate standard of accountability? Where is the public outcry to have these organizations prosecuted for allowing their resources to be hacked by mere private sector drones?

Okidokee then, lets look at your little theory here for making the rules fair and even......

So next time your the victim of a crime you can be prosecuted too simply for allowing yourself to be a victim, maybe a steep fine or some jail time will teach you not to be a victim again.

While we are at it, lets also learn to read minds and tell the future so we can be pro-active and avoid being a victim so we will not be prosecuted for becoming a victim.

Oh, lets not forget too, the necessary force required to not become a crime victim means in most cases deadly force because the only way to positively stop being a victim of crime without a doubt is to end the ability of the criminal to commit a crime in the first place - so everyone go out and get a gun and the next time you think you will be the victim of a crime then shoot first and protect yourself from being prosecuted for simply being a victim.

Seriously, did you think about what you wrote or are you so twisted in your logic that your thinking the Anonymous way?

The relevancy of the photo / girlfriend connection should be obvious. This is TEXAS we are talking about. They threatened him that, since her face isn't showing, the boobs would be considered evidence and would be seized.